Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 [2]   Go Down

Author Topic: Delete Control for V 1.5.x  (Read 15143 times)

0 Members and 1 Guest are viewing this topic.

macmiller

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 80
Re: Delete Control for V 1.5.x
« Reply #20 on: May 28, 2011, 01:22:59 pm »

For some reason it blows up under the Editpics section when it hits the $superCage line $superCage->post->getInt('pid');  (this happens when the Edit Files button is pressed off of the index.php).  It produces no error message that I can find.  I had a log file set up and it logs right before the $supercage and then doesn't execute the following line.

Code: [Select]
if (defined('EDITPICS_PHP') && !GALLERY_ADMIN_MODE) {

$try_to_delete = false;
//V1.051 Mod following Line
//         $pid_array = $_POST['pid'];

  $pid_array = $superCage->post->getInt('pid');
        foreach($pid_array as $pid){
                $pid = (int)$pid;
//V1.051 Mod following line
// if (isset($_POST['delete'.$pid])) $try_to_delete = true;
  if ($superCage->post->keyExists('delete'.$pid)) $try_to_delete = true;

}
if ($try_to_delete) {

load_template();
pageheader($lang_error);

cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}
}

Likewise this code to check the boolean condition also causes it to blow up for some reason (placed before the first $superCage). 
Code: [Select]
              if ($superCage->post->keyExists('pid')) {
                 fwrite($newfile,"keyexists");
             } else {
                 fwrite($newfile,"keydoesntexist");
              }
write($newfile, "\n");

When I comment out the $superCage section and initialize the $pid_array ($pid_array = array()), everything executes and looks normal, but I am unclear on what the purpose of this section is.

 
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15759
Re: Delete Control for V 1.5.x
« Reply #21 on: May 31, 2011, 10:52:57 am »

Please attach your modified plugin so I can perform some tests.
Logged

macmiller

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 80
Re: Delete Control for V 1.5.x
« Reply #22 on: May 31, 2011, 03:37:49 pm »

thanks for taking a look.  There are two things still not working, one is the noted code that seems to blow up and also the delete options are still available under the editpics option. 
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15759
Re: Delete Control for V 1.5.x
« Reply #23 on: June 01, 2011, 12:23:22 pm »

For some reason it blows up under the Editpics section when it hits the $superCage line $superCage->post->getInt('pid');  (this happens when the Edit Files button is pressed off of the index.php).  It produces no error message that I can find.
The error message
Quote
Fatal error: Call to a member function getInt() on a non-object in C:\xampplite\htdocs\svn_cpg15x_trunk\plugins\delete_control1.042\codebase.php on line 95
says, that you have to add
Code: [Select]
$superCage = Inspekt::makeSuperCage();just before
Code: [Select]
$pid_array = $superCage->post->getInt('pid');


the delete options are still available under the editpics option
Try the following code:
Code: [Select]
$html = preg_replace('/<td class="(tableh2|tableb|tableb tableb_alternate)" width="40" valign="top">.*name="delete.*".*<\/td>/Us','',$html);
« Last Edit: June 01, 2011, 12:32:01 pm by Αndré »
Logged

macmiller

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 80
Re: Delete Control for V 1.5.x
« Reply #24 on: June 01, 2011, 03:22:52 pm »

That works in my test environment (both items). 

In testing I just noticed that the delete option is still showing under the albmgr (hopefully the last item)

The existing preg_replace statement is this:
Code: [Select]
$html = preg_replace('/(?U)<td.*\s*(?s)javascript:Album_Delete().*<\/td>/','<td width="80">&nbsp;</td>',$html);
The html generated looks like this:
Code: [Select]
<button type="button" id="delete_album" name="delete_album" class="button" value="Delete album" disabled="disabled" title="Delete album"><img src="images/icons/delete.png" border="0" alt="" width="16" height="16" class="icon" /></button>
I tried these:
Code: [Select]
   $html = preg_replace('/(?U)<button.*name=\"delete_album\".*<\/button>/','',$html);
   $html = preg_replace('/(?U)<button.*\s*(?s)name=\"delete_album\".*<\/button>/','',$html);
They both did the same thing, they removed the desired button but also removed the downdown_click button which is on the same line immeaditely preceding the delete button.  The entire line is as follows:
Code: [Select]
<button type="button" id="downdown_click" name="downdown_click" class="button" value="Move to bottom" disabled="disabled" title="Move to bottom"><img src="images/icons/downdown.png" border="0" alt="" width="16" height="16" class="icon" /></button>                        <button type="button" id="delete_album" name="delete_album" class="button" value="Delete album" disabled="disabled" title="Delete album"><img src="images/icons/delete.png" border="0" alt="" width="16" height="16" class="icon" /></button>
   If you can suggest one that removes only the one segment it would be appreciated.


Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15759
Re: Delete Control for V 1.5.x
« Reply #25 on: June 01, 2011, 03:46:40 pm »

Use
Code: [Select]
$html = preg_replace('/<button type="button" id="delete_album".*<\/button>/U','',$html);
Logged

macmiller

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 80
Re: Delete Control for V 1.5.x
« Reply #26 on: June 02, 2011, 10:01:04 am »

Thanks for all the help Andre!

Here is the latest plugin (attached).  I have tested it and it seems to work fine in 1.5.12. 
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15759
Re: Delete Control for V 1.5.x
« Reply #27 on: June 07, 2011, 03:26:00 pm »

Do you want to use this thread as plugin announcement thread (i.e. should I move it to the plugin contributions board) or do you want to start a separate thread?
Logged

macmiller

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 80
Re: Delete Control for V 1.5.x
« Reply #28 on: June 07, 2011, 04:05:25 pm »

Good point, this is the announcement thread for the Delete Control for CPG V1.5.x .
Logged

macmiller

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 80
Re: Delete Control for V 1.5.x
« Reply #29 on: June 12, 2011, 06:12:32 am »

There is another problem with this plug in.  Basically once the plug in is installed the users can not longer sort their pictures.

How the problem occurs:
1. User Logon
2. User selects 'sort my pictures'.
3. User modifies sort order
4. User clicks on 'apply these changes'.
A message is returned indicating the user does not have permission to make the modifications.

This problem existed on the 1.4.x version of the plugin.  I have tested the previous (1.4.x) version of the plug in in both a bridged and non-bridged test environment (v 1.4.25), and the problem (as described above) occurs in both environments.  The problem also occurs in the 1.5.12 version of coppermine and the new plug in.
   
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15759
Re: Delete Control for V 1.5.x
« Reply #30 on: June 14, 2011, 11:56:28 am »

In codebase.php, find
Code: [Select]
if (($what != 'albmgr') || (($what == 'albmgr') && $superCage->post->keyExists('delete_album'))) {and replace with
Code: [Select]
if (($what != 'albmgr' && $what != 'picmgr' ) || (($what == 'albmgr') && $superCage->post->keyExists('delete_album'))) {
Logged

macmiller

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 80
Re: Delete Control for V 1.5.x
« Reply #31 on: June 14, 2011, 01:58:48 pm »

Great!  That seemed to fix it.   :)

I'll post the revised plug in v 1.043 here and in the announcement thread
Logged
Pages: 1 [2]   Go Up
 

Page created in 0.02 seconds with 21 queries.